You are here

Short version: after finally updating all my Linux machines to the latest version of Ubuntu/KDE, I can no longer run my Drupal 7 test environments. This means I can no longer test any changes to Eviscerati.org, which makes me uncomfortable.

Drupal 8 runs fine though. Which means... ugh, I don't even want to say it. I may have to migrate the site from D7 to D8.

In the process of trying to turn on SSL I've discovered that the ads served by Project Wonderful are only served over http: and not https:. This is what has been causing your browsers to report that some of the content on this site isn't secure.

I've been in contact with Project Wonderful and they plan to enable SSL-supported advertising soon, but it's not ready yet. I've volunteered to beta test it for them when the time comes, but until then I'm turning ads off. I don't consider Project Wonderful a security risk at all, I just think it's better for people visiting my site not to have to keep encountering those browser warnings.

You may or may not be aware of Firesheep, a Firefox plugin that makes it ridiculously easy to commit identity theft. It was released about the same time EvisceratiNet went live, and had about 200,000 downloads in the first two days. I just found out about it yesterday.

Here's the short version: when you sign in to most web sites, the web site will mark you as logged in by placing a cookie in your browser that essentially says "yeah this guy's OK." Most of these cookies are unencrypted -- that is, there are no particular safeguards against another browser reading and/or using that cookie other than it's being sent to you and the general expectation is that it won't be intercepted and used by anyone else.

However, if you're getting these cookies over a wireless connection, especially a public one, it is actually possible, and apparently very easy, for anyone with the right equipment to collect any cookies sent your way. Firesheep does just that. When you activate the plugin a new bar appears in your Firefox browser with a list of every insecure cookie it finds. And if you click on one of those cookies, it logs you in to whatever service the intended recipient of the cookie was trying to access.

Welcome back. You may have noticed the "under construction" sign that's been up for the last two or three weeks (I honestly can't remember how long it's been at this point -- it's all one big nightmarish blur). The site has gone through some fairly radical changes under the hood, and I'm pleased to say that they appear to have been mostly successful. Mostly.

Of course, most of the changes required I lock everyone out while I was doing them, so they haven't been properly tested. Welcome back, beta team!

... and it was me. The site was inundated with blogspam. I've removed the offenders. Those of you missing posts probably replied to a spammer to comment on it -- my spam filter removes replies as well as the offending posts itself. Sorry for that, I still haven't added the module that fixes that problem.